Analysis

  • max time kernel
    10s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    08-05-2021 19:09

General

  • Target

    fb11f6977413651da182052f135451ad0c21578b07632e537f0d1271d86d943e.exe

  • Size

    711KB

  • MD5

    ea43ba032654e98a069913fd21bca387

  • SHA1

    82d0f5ec89f7fb223e106aab6410135d25988ec2

  • SHA256

    fb11f6977413651da182052f135451ad0c21578b07632e537f0d1271d86d943e

  • SHA512

    270fd84100745887b371df0134cbcde8c09a2d1b418dac85a37b293dc678025460d427a67dbdd68dac92892750ca35df15aef69a4522f1e4a28dca9ec2c01c78

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb11f6977413651da182052f135451ad0c21578b07632e537f0d1271d86d943e.exe
    "C:\Users\Admin\AppData\Local\Temp\fb11f6977413651da182052f135451ad0c21578b07632e537f0d1271d86d943e.exe"
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    PID:4044

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4044-114-0x00000000004C0000-0x000000000060A000-memory.dmp

    Filesize

    1.3MB